tkhq · cr-tk · Jun 26, 2025
@@ -18,7 +18,7 @@ fn nitro_heartbeat() {
 		read(fd, buf.as_ptr() as _, 1);
 		close(fd);
 	}
-	dmesg(format!("Sent NSM heartbeat"));
+	dmesg("Sent NSM heartbeat".to_string());
 }
 
 /// Initialize nitro device
@@ -27,12 +27,12 @@ pub fn init_platform() {
 	nitro_heartbeat();
 
 	match insmod("/nsm.ko") {
-		Ok(()) => dmesg(format!("Loaded nsm.ko")),
+		Ok(()) => dmesg("Loaded nsm.ko".to_string()),
 		Err(e) => eprintln!("{}", e),
 	};
 
 	match check_hwrng("nsm-hwrng") {
-		Ok(()) => dmesg(format!("Validated entropy source is nsm-hwrng")),
+		Ok(()) => dmesg("Validated entropy source is nsm-hwrng".to_string()),
 		Err(e) => {
 			eprintln!("{}", e);
 			poweroff();

@@ -142,7 +142,8 @@ fn export_key_internal(
 fn validate_manifest(
 	new_manifest_envelope: &ManifestEnvelope,
 	old_manifest_envelope: &ManifestEnvelope,
-	_attestation_doc: &AttestationDoc,
+	#[allow(unused_variables)]
+	attestation_doc: &AttestationDoc,
 ) -> Result<(), ProtocolError> {
 	// 2. Check the signatures over the New Manifest. Ensures that K Manifest
 	// Set Members approved the New Manifest.
@@ -221,7 +222,7 @@ fn validate_manifest(
 	#[cfg(not(feature = "mock"))]
 	{
 		qos_nsm::nitro::verify_attestation_doc_against_user_input(
-			_attestation_doc,
+			attestation_doc,
 			&new_manifest_envelope.manifest.qos_hash(),
 			&new_manifest_envelope.manifest.enclave.pcr0,
 			&new_manifest_envelope.manifest.enclave.pcr1,

@@ -185,6 +185,7 @@ impl ProtocolState {
 		attestor: Box<dyn NsmProvider>,
 		handles: Handles,
 		app_addr: SocketAddress,
+		#[allow(unused_variables)]
 		test_only_init_phase_override: Option<ProtocolPhase>,
 	) -> Self {
 		let provisioner = SecretBuilder::new();

@@ -137,16 +137,16 @@ fn boot() -> String {
 	})
 	.ok_or_exit_with_errno(None);
 
-	return get_id_by_name(enclave_name)
-		.or_else(|_| Err("Failed to parse enclave name"))
-		.unwrap();
+	get_id_by_name(enclave_name)
+		.map_err(|_| "Failed to parse enclave name")
+		.unwrap()
 }
 
 fn shutdown(enclave_id: String, sig_num: i32) {
 	println!("Got signal: {}", sig_num);
 	println!("Shutting down Enclave");
 	let mut comm = enclave_proc_connect_to_single(&enclave_id)
-		.or_else(|_| Err("Failed to send command to Enclave"))
+		.map_err(|_| "Failed to send command to Enclave")
 		.unwrap();
 
 	// TODO: Replicate output of old CLI on invalid enclave IDs.
@@ -155,7 +155,7 @@ fn shutdown(enclave_id: String, sig_num: i32) {
 		None,
 		&mut comm,
 	)
-	.or_else(|_| Err("Unable to terminate Enclave"));
+	.map_err(|_| "Unable to terminate Enclave");
 
 	exit(0);
 }
@@ -190,23 +190,23 @@ fn handle_signals() -> c_int {
 	unsafe { sigaddset(&mut mask, SIGINT) };
 	unsafe { sigaddset(&mut mask, SIGTERM) };
 	unsafe { sigprocmask(SIG_BLOCK, &mask, ptr::null_mut()) };
-	let signal = unsafe { sigwaitinfo(&mask, ptr::null_mut()) } as i32;
-	return signal;
+	// return signal
+	(unsafe { sigwaitinfo(&mask, ptr::null_mut()) }) as i32
 }
 
 fn main() {
 	println!("Booting Nitro Enclave:");
 
-	//TODO: Implement ability to allow skipping boot
-	//let allow_skip: _ = std::env::var("ALLOW_SKIP_BOOT")
-	//    .unwrap_or("false".to_string())
-	//    .trim().parse::<F>().unwrap();
-	//boot(allow_skip);
+	// TODO: Implement ability to allow skipping boot
+	// let allow_skip: _ = std::env::var("ALLOW_SKIP_BOOT")
+	//     .unwrap_or("false".to_string())
+	//     .trim().parse::<F>().unwrap();
+	// boot(allow_skip);
 
 	let enclave_id = boot();
 
 	match healthy() {
-		Ok(_) => eprintln!("{}", "Enclave is healthy"),
+		Ok(_) => eprintln!("Enclave is healthy"),
 		Err(e) => eprintln!("Enclave is sad: {}", e),
 	};
 

@@ -91,6 +91,8 @@ pub fn freopen(
 		freopen(
 			filename_cs.as_ptr(),
 			mode_cs.as_ptr(),
+			// TODO clippy says the pointer casting is unecessary
+			// is this true for all configurations and platforms?
 			fdopen(file, mode_cs.as_ptr() as *const i8),
 		)
 	}
@@ -164,22 +166,22 @@ pub fn check_hwrng(rng_expected: &str) -> Result<(), SystemError> {
 	Ok(())
 }
 
-#[cfg(any(target_env = "musl"))]
-type ioctl_num_type = ::libc::c_int;
-#[cfg(not(any(target_env = "musl")))]
-type ioctl_num_type = ::libc::c_ulong;
+#[cfg(target_env = "musl")]
+type IoctlNumType = ::libc::c_int;
+#[cfg(not(target_env = "musl"))]
+type IoctlNumType = ::libc::c_ulong;
 
-const IOCTL_VM_SOCKETS_GET_LOCAL_CID: ioctl_num_type = 0x7b9;
+const IOCTL_VM_SOCKETS_GET_LOCAL_CID: IoctlNumType = 0x7b9;
 
 pub fn get_local_cid() -> Result<u32, SystemError> {
 	use libc::ioctl;
 	let f = match File::open("/dev/vsock") {
 		Ok(f) => f,
-		Err(e) => return Err(SystemError{ message: format!("Failed to open /dev/vsock") }),
+		Err(_e) => return Err(SystemError{ message: "Failed to open /dev/vsock".to_string() }),
 	};
 	let mut cid = 0;
 	if unsafe { ioctl(f.as_raw_fd(), IOCTL_VM_SOCKETS_GET_LOCAL_CID, &mut cid) } == -1 {
 		return Err(SystemError{ message: "Failed to fetch local CID".to_string() });
 	}
-	return Ok(cid);
+	Ok(cid)
 }